views:

41

answers:

1

How do you back-door authenticate Windows users into a website using forms authentication running on IIS 7.0?

+1  A: 

Create a separate page to handle windows logins. This page will authenticate the user and then set the Forms cookie for them. Then, add the page to the web.config to tell IIS 7 to use Windows authentication on that particular page.

<configuration>
...
<!-- this file captures the user and redirects to the login page -->
  <location path="Account/WindowsLogin.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
    <system.webServer>
      <security>
        <authentication>
          <windowsAuthentication enabled="true" />
          <anonymousAuthentication enabled="false" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>
Brad